Autoenrollment Client Root Certificates
Revision as of 17:18, 12 May 2011 by ElizaK
 Autoenrollment Client and CA Root Certificates
- Ensure there is a wired connection (or wireless connection with open security) between client and server.
- Open internet explore and go on: http://192.168.0.98/certsrv/
- Then key in your client ID, Ex. 192.168.0.98\8021xuser, and password, Ex. Radius01,to login the RADIUS server
 Install Client Certificate
- Select Request a certificate
- Select User Certificate
- Click on submit; then wait for the response from server
- Select install this certificate ; you might see the security warning message shown in the following figure. Select Yes to process the installation.
- If certificate is installed properly you will see a message Certificate installed
- After installing the client sertificate, you could export the client certificate to other client machines. The details about the exportation of client certificate is in the section of Exporting Client Certificate from Windows Certificate Store of a WinXP Client.
 Install CA Root Certificate
- Select Download a CA certificate chain or CRL on the home page of certificate service.
- Select Install this CA certificate chain. You might see the Potential Scripting Violation message comes up. Select Yes to proceed the installation.
- If certificate is installed properly you will see a message The CA certificate has been successfully installed
 Exporting Client Certificate from Windows Certificate Store of a WinXP Client
- Open a Microsoft Internet Exploer Browser. Clieck on Tools menu, then select Internet Options.
- Switch to Content tab then click on Certificate button.
- Under Personal tab, select a client certificate you would like to export. Here we have 8021xuser issued by Example CA. After selecting, click on Export button.
- Click the Next button when the export wizard appears. Select Yes, export the private key. Then Next.
- Select Personal Information Exchange - PKCS#12(.pfx) option and select option Include all certificates in the certification path if possible then Next.
- Enter and confirm a password which will be used for the encryption of the exported private key and certificate.
Note: the password you entered here is used for importing the certificate to other clients.
- Type a file name and choose a path where the certificate will be exposed to then click Next.
- Click on Finish. If the export is successful, we will see a message The export was successful. Now your client certificate has mobility for you to import it on other devices, Ex. Android handset.